Okay LogoOkay Logo

PDS2 SCA compliance checklist

30/12/2019

artifact

One of the aims of the Revised Payment Service Directive, more commonly known as PSD2, is to better protect consumers when they pay online. The requirement for a strong customer authentication (SCA) in a majority of electronic payments is a key element of the regulation. 

The requirements of SCA

To increase the security of transactions SCA has a requirement for multi-factor authentication. SCA requires that transactions are authenticated with at least two of these three factors:

  • Possession: Something the user has, like a token
  • Knowledge: Something the user knows, like a pin or a password
  • Inherence: Something the user is. Most commonly refers to biometrics like fingerprints.

Beyond what is commonly called second factor authentication, the EBA also made a few requirements about security itself, around the transaction and its authentication process. 

In June 2019 the European Banking Authority (EBA) published an opinion on how the elements of SCA should be understood under PSD2. When evaluating whether your service is SCA compliant under PSD2 it is important that it is in line with EBA’s opinion

Is your app compliant?

With Okay’s checklist you have an easy-to-use tool to check if your app is ready for PSD2 SCA compliance. In addition to the authentication factors the checklist includes points on the secure environment, malware protection and documentation of the solution. Download the checklist, and check if you are ready for SCA under PSD2.